Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

macOS Apple FIPS Cryptographic Module

This module is certified for use in environments (governments, for instance), where FIPS-140 compliant cryptography is required by security policy.
It just library, which will perform all cryptographic operations (signing/encryption), like other ones, except that it will make it in the way described in FIPS-140
 
Nikh said:
This module is certified for use in environments (governments, for instance), where FIPS-140 compliant cryptography is required by security policy.
It just library, which will perform all cryptographic operations (signing/encryption), like other ones, except that it will make it in the way described in FIPS-140
Click to expand...

I have tried to understand this FIPS-140 compliant cryptography but not sure if my understanding is right.

I have listed my understanding of this link below.

This cryptography module is used to enforce security in the Apple OS using standard defined by FIPS 140-2. Does this happen by encrypting all the user info related files in the OS? Or is it only for third party application.

And for third party application, how does it achieve the security by consuming this cryptography module? Does an app use this crypto module to encrypt all it's config files/user related info thereby complying with this standard? Or is there something else to it?

Please do help me understand this.

Thanks & Regards.
 
mycompuser said:
This cryptography module is used to enforce security in the Apple OS using standard defined by FIPS 140-2. Does this happen by encrypting all the user info related files in the OS? Or is it only for third party application.
Click to expand...

Nothing like that at all. There are functions for cryptography built into MacOS X. Software can use these functions. But you don't really know if all these functions work as intended, and whether the cryptography is really safe. That's what this is for: This cryptography module has been independently tested and verified by people who know what they are doing, so you know as a software developer that anything encrypted with this cannot be cracked. And the administrator tools let you verify that on a particular Mac, the right cryptography software is installed, and hasn't been replaced with something that is less safe.

So basically this just guarantees that cryptography on MacOS X isn't written by some clueless numpty and can be cracked, but is as safe as it can be. You still need software that uses it.
 
gnasher729 said:
So basically this just guarantees that cryptography on MacOS X isn't written by some clueless numpty and can be cracked, but is as safe as it can be. You still need software that uses it.
Click to expand...

Hi gnasher729,

Now I kinda get it. Basically cryptography module is an build-in framework provided by Mac OSX (following FIPS-140 encryption standard) for applications to encrypt/decrypt the data that they want to secure.

Is this encryption/decryption module available in Security.framework framework?
 
mycompuser said:
Hi gnasher729,

Now I kinda get it. Basically cryptography module is an build-in framework provided by Mac OSX (following FIPS-140 encryption standard) for applications to encrypt/decrypt the data that they want to secure.

Is this encryption/decryption module available in Security.framework framework?
Click to expand...

To get started, go to developer.apple.com, get the free developer account, then check out the WWDC 2012 videos. There is one 1 hour video about everything related to security, including Security.framework.
 
gnasher729 said:
To get started, go to developer.apple.com, get the free developer account, then check out the WWDC 2012 videos. There is one 1 hour video about everything related to security, including Security.framework.
Click to expand...

I already have an account. Will try the same.
Thanks for the lead. :D
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back